
316 matches found

IBM Security Bulletins
added 2019/01/25 12:20 p.m. | 38 views

Security Bulletin: Public disclosed GNU glibc vulnerabilities used by IBM OS Images for RedHat Linux in IBM PureApplication Systems (CVE-2017-16997 CVE-2018-1000001)

Summary: There are publicly disclosed vulnerabilities from GNU glibc that are used by the OS Images for IBM PureApplication System. To address the vulnerabilities in response to CVE-2017-16997 and CVE-2018-1000001, IBM has released Version 2.2.5.3 for IBM PureApplication System, which includes IBM O...

9.3 CVSS | 0.6 AI score | 0.41417 EPSS
Exploits 9 | Affected Software 1

Tenable Nessus
added 2018/11/16 12:0 a.m. | 233 views

CentOS 7 : glibc (CESA-2018:3092)

An update for glibc is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8 CVSS | 8 AI score | 0.01133 EPSS
Exploits 3 | References 5

Openbugbounty
added 2018/08/28 7:39 a.m. | 12 views

dl-daten.de XSS vulnerability

Open Bug Bounty ID: OBB-670147

Description | Value
---|---
Affected Website: | dl-daten.de
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits 0

CNVD
added 2018/08/07 12:0 a.m. | 4 views

ZZCMS SQL Injection Vulnerability (CNVD-2018-15398)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the dl/dlsendmail.php file in ZZCMS version 8.3. A remote attacker can exploit this vulnerability to obtain the administrator password with the help of the 'sql' paramet...

9.8 CVSS | 9.9 AI score | 0.0025 EPSS
Exploits 1 | References 1

OSV
added 2018/08/06 3:29 p.m. | 1 views

CVE-2018-14961

dl/dlsendmail.php in zzcms 8.3 has SQL Injection via the sql parameter...

9.8 CVSS | 5.8 AI score | 0.0025 EPSS
Exploits 1 | References 2

OSV
added 2018/05/17 9:29 p.m. | 3 views

CVE-2018-1438

IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystem products 6.1, 6.2, 6.3, 6.4, 7.1, 7.2, 7.3, 7.4, 7.5, 7.6, 7.6.1, 7.7, 7.7.1, 7.8, 7.8.1, 8.1, and 8.1.1 web handler /DLSnap could allow an unauthenticated attacker to read arbitrary files on the system. IBM...

7.5 CVSS | 5.9 AI score
Exploits 0 | References 5

Positive Technologies
added 2018/04/05 12:0 a.m. | 4 views

PT-2018-18966 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: The issue allows SQL injection via the id parameter in a "dl/dl sendsms.php" request. Recommendations: For zzcms version 8.2, avoid using the id parameter in the "dl/dl sendsms.php" request until the issue is...

9.8 CVSS | 9.7 AI score | 0.00381 EPSS
Exploits 1 | References 2

OSV
added 2018/02/22 7:49 p.m. | 5 views

MGASA-2018-0130 Updated mpv packages fix security vulnerability

Josef Gajdusek reported that mpv 0.27.0 was vulnerable to an attack through its youtube-dl hook. This could cause remote code execution. This upstream update creates a list of sure protocols to use through the hook...

8.8 CVSS | 8.8 AI score | 0.01075 EPSS
Exploits 1 | References 3

Mageia
added 2018/02/22 7:49 p.m. | 32 views

Updated mpv packages fix security vulnerability

Josef Gajdusek reported that mpv 0.27.0 was vulnerable to an attack through its youtube-dl hook. This could cause remote code execution. This upstream update creates a list of sure protocols to use through the hook...

8.8 CVSS | 1.7 AI score | 0.01075 EPSS
Exploits 1 | References 2

Tenable Nessus
added 2018/02/20 12:0 a.m. | 30 views

openSUSE Security Update : mpv (openSUSE-2018-173)

This update for mpv fixes the following issues : MPV was updated to version 0.27.2 Security issues fixed : - CVE-2018-6360: Additional fix for where mpv allowed remote attackers to execute arbitrary code via a crafted website, because it read HTML documents containing VIDEO elements, and accepts...

8.8 CVSS | 8.3 AI score | 0.01075 EPSS
Exploits 1 | References 3

ArchLinux
added 2018/02/13 12:0 a.m. | 22 views

[ASA-201802-7] mpv: arbitrary code execution

Arch Linux Security Advisory ASA-201802-7
=========================================

Severity: High
Date    : 2018-02-13
CVE-ID  : CVE-2018-6360
Package : mpv
Type    : arbitrary code execution
Remote  : Yes
Link    : https://security.archlinux.org/AVG-605

Summary
=======

The package mpv before version...

8.8 CVSS | 1.8 AI score | 0.01075 EPSS
Exploits 1 | References 5

Tenable Nessus
added 2018/02/12 12:0 a.m. | 25 views

FreeBSD : mpv -- arbitrary code execution via crafted website (3ee6e521-0d32-11e8-99b0-d017c2987f9a)

mpv developers report : mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted website, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an...

8.8 CVSS | 8.2 AI score | 0.01075 EPSS
Exploits 1 | References 3

OSV
added 2018/01/28 2:29 a.m. | 20 views

CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...

8.8 CVSS | 7.8 AI score
Exploits 0 | References 4

NVD
added 2018/01/28 2:29 a.m. | 11 views

CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...

8.8 CVSS | 8.7 AI score | 0.01075 EPSS
Exploits 1 | References 4

UbuntuCve
added 2018/01/28 2:29 a.m. | 22 views

CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...

8.8 CVSS | 7.6 AI score | 0.01075 EPSS
Exploits 1 | References 3

Debian CVE
added 2018/01/28 2:0 a.m. | 27 views

CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...

8.8 CVSS | 8.8 AI score | 0.01075 EPSS
Exploits 1

Cvelist
added 2018/01/28 2:0 a.m. | 20 views

CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...

8.6 AI score | 0.01075 EPSS
Exploits 1 | References 4

AlpineLinux
added 2018/01/28 2:0 a.m. | 40 views

CVE-2018-6360

mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an av://lavfi:ladspa=file= UR...

8.8 CVSS | 8.7 AI score | 0.01075 EPSS
Exploits 1

FreeBSD
added 2018/01/28 12:0 a.m. | 26 views

mpv -- arbitrary code execution via crafted website

mpv developers report: mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdlhook.lua. For example, an...

8.8 CVSS | 8.6 AI score | 0.01075 EPSS
Exploits 1 | References 1

Openbugbounty
added 2017/11/24 6:0 a.m. | 11 views

dl-z.ml Open Redirect vulnerability

Open Bug Bounty ID: OBB-429663

Description | Value
---|---
Affected Website: | dl-z.ml
Vulnerable Application: | Custom Code
Vulnerability Type: | Open Redirect / CWE-601
CVSSv3 Score: | 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N
Remediation Guide: | OWASP Open Redirect Cheat Sheet
Vulnerable URL...

6.9 AI score
Exploits 0